<noinclude>
{{Header}}
</noinclude>'''1.''' Essentials.

{{Box|text=
The user needs to verify that the following prerequisites are met.

* Debian <code>{{Stable project version based on Debian codename}}</code> installed.
* A user account such as for example account <code>user</code> exists.
* Calling the user name <code>user</code> is recommended because then you could copy and paste the commands below and do not need to adjust for another user name.
}}

'''2.''' Gain administrative (root) rights. <ref>
Use any method to gain administrative (root) rights. Gain root one way or another.
</ref>

{{Box|text=
Becoming root is required because the following commands need to be run with administrative (root) rights as documented below. <ref>
When a user is using <code>su</code> to gain administrative rights, the user is required to use full path to the programs <code>addgroup</code>, <code>adduser</code>, <code>reboot</code> because when using <code>su</code> the <code>PATH</code> environment variable is not adjusted for use with root rights. See <code>echo "$PATH"</code>.

{{CodeSelect|lang=bash|code=
echo "$PATH"
}}

user rights <code>PATH</code> printout:

<pre>
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
</pre>

root rights <code>PATH</code> printout:

<pre>
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
</pre>

By comparison, when using <code>sudo</code> using /full/path/to/application is not required.
</ref>

* '''A)''' <u>Debian:</u> Use <code>su</code> or <code>sudo su</code> as documented below.
* '''B)''' <u>Most Qubes users:</u> same as above.
* '''C)''' <u>Advanced Qubes users:</u> If using a Debian minimal template or not having the <code>passwordless-root</code> package installed, see footnote. <ref>
A root terminal is required to proceed which can be started from Qubes dom0 terminal as per the Qubes upstream documentation. [[Unspecific|Unspecific to {{project_name_short}}.]]
</ref>

Try to come root by running the following command in a terminal.

{{CodeSelect|lang=bash|code=
su
}}

Executing plain <code>su</code> might not be possible depending on how Debian has been installed. <ref>
If a root password has not configured during Debian installation, Debian-Installer might have already set up <code>sudo</code>.
</ref> In that case, try.

{{CodeSelect|lang=bash|code=
sudo su
}}
}}

'''3.''' Install <code>sudo</code> and </code>adduser</code> package.
<!-- WIKI EDITORS NOTE:
Can use template Install_Package because that would use sudo which is not installed at this point.
-->

{{Box|text=
'''1.''' Update the package lists.

{{CodeSelect|lang=bash|code=
apt update
}}

'''2.''' Upgrade the system.

{{CodeSelect|lang=bash|code=
apt full-upgrade
}}

'''3.''' Install <code>sudo</code> and </code>adduser</code> package.

{{CodeSelect|lang=bash|code=
apt install --no-install-recommends sudo adduser
}}
}}

'''4.''' Root rights hardening notice.

{{Box|text=
'''Note:'''

* '''A)''' <u>Most users:</u> No special notice.
* '''B)''' <u>Advanced users:</u> If the user is intending to lockdown account <code>user</code> by not granting root rights, see footnote. <ref>
The following command <code>/usr/sbin/adduser user sudo</code> grants root rights to account <code>user</code>. If the user intents to use account <code>user</code> without root rights for better security, the user should <u>omit</u> running the <code>/usr/sbin/adduser user sudo</code> and instead 1) make sure that another Linux user account such as user <code>sysmaint</code> is a member of Linux user group <code>sudo</code> and 2) adhere to the following platform specific instructions.

* Debian: Use <code>su</code>.
* {{q_project_name_long}}: If not installing the <code>passwordless-root</code> package and/or when distribution morphing a Debian minimal template into {{project_name_short}}, root terminal is required to proceed which can be started from Qubes dom0 terminal as per the Qubes upstream documentation. [[Unspecific|Unspecific to {{project_name_short}}.]]
</ref>
}}

'''5.''' sudo configuration.

<u>Optional.</u>

Allow account <code>user</code> to run sudo without as password.

<u>Note:</u> Replace account <code>user</code> with your actual user name.

{{Tab
|type=controller
|content=
{{Tab
|title= ==Configuration File Method==
|active=true
|content=
Securely create file <code>/etc/sudoers.d/user.conf</code> using <code>visudo</code>.

{{CodeSelect|lang=bash|code=
echo "user ALL=(ALL:ALL) NOPASSWD:ALL" {{!}} EDITOR=tee visudo -f /etc/sudoers.d/nopassword >/dev/null
}}
}}
{{Tab
|title= ==Adduser Method==
|content=
Add account <code>user</code> to group <code>sudo</code>.

{{CodeSelect|lang=bash|code=
/usr/sbin/adduser user sudo
}}

Reboot required.

{{CodeSelect|lang=bash|code=
/sbin/reboot
}}

Gain administrative rights after reboot. Same as in step 2.
}}
}}

'''6.''' Create group <code>console</code>.

{{CodeSelect|lang=bash|code=
/usr/sbin/addgroup --system console
}}

'''7.''' Add your Linux account user name to group <code>console</code>. <ref>
Context: [[Dev/Strong_Linux_User_Account_Isolation#Console_Lockdown|Console Lockdown]]

Required for login into a [[Desktop#Virtual_Consoles|Virtual Consoles]] which might be handy in context of [[Recovery]].
</ref>

<u>Note:</u> Replace account <code>user</code> with your actual user name.

{{CodeSelect|lang=bash|code=
/usr/sbin/adduser user console
}}

'''8.''' Install console related packages.

This might also result in removal of <code>plymouth</code>, which is good, because it is [[unsupported]]. <ref>
https://forums.kicksecure.com/t/error-plymouth-conflict-in-debian-morphing/641
</ref>

{{CodeSelect|lang=bash|code=
sudo apt install console-data console-common kbd keyboard-configuration
}}
<noinclude>
= Footnotes =
<references />
{{Footer}}
</noinclude>

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.